Security researchers have tracked TeamPCP's supply chain campaign targeting AI, machine learning, and cloud computing developers. The threat actors distribute malicious packages through the Nx Console VS Code extension and npm repositories, including Mini Shai-Hulud, Shai-Hulud framework, durabletask, echarts-for-react, and size-sensor.